WinHex
From Wikipedia, the free encyclopedia
| WinHex | |
 WinHex |
|
| Developer: | Stefan Fleischmann |
|---|---|
| Latest release: | v13 SR-1 / June 14, 2006 |
| OS: | Microsoft Windows |
| Use: | Utility |
| Licence: | Proprietary |
| Website: | www.WinHex.com |
WinHex is a commercial hex editor and file-viewer developed by Stefan Fleischmann and published by X-Ways Software Technology AG. It allows users to view files and data in their hexadecimal representation. In addition to this, it provides a number of computing-forensics specific features, namely disk viewers for viewing and analysing raw areas of a hard disk drive (such as the master boot record, file allocation table, file areas and cluster tips), RAM viewers for analysing currently running processes and memory images, deleted file recovery and byte-wise data editing. It is provided in a series of 'usage level' licenses, which range from normal users to forensic specialists, with the cost of the license being reflected in the usage level chosen. It is currently available for Microsoft Windows only.
[edit] Features
WinHex comes equipped with a myriad of features for hex-editing and disk analysis. Through the use of 'templates,' the program is able to identify operation-critical regions on a hard disk, such as the boot sector, master file table, free clusters and used data regions. In addition, it displays a detailed inventory of disk directories and files hidden by the filesystem. WinHex can also 'see' deleted files. This is possible because operating systems do not by default securely erase data, so assuming the area used by a previously deleted file hasn't since been overwritten, it's likely some elements of the file are recoverable. This fact is exploited by computer forensics technicians, and is an important part of evidence gathering activities in legal cases regarding possession of child pornography, hacking or internet fraud. WinHex is one of the few programs with a comprehensive forensics toolset available in the public domain. Other tools such as Encase provide a complete record of computer usage, but it is prohibitively expensive for the casual user. As such, WinHex is a good compromise between price and features.
